The SEC’s increased emphasis on cybersecurity continues to merit attention as it enhances the focus on Private Funds, ESG, and Operational Resiliency.
Key Takeaways:
- Most notably, from a cybersecurity perspective, the SEC is focused on Information Security and Operational Resiliency as they relate to broker-dealers’, RIAs’, and other registrants’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets.
- For Information Security and Operational Resiliency, the Division will review broker-dealers’, RIAs’, and other registrants’ practices to prevent interruptions to mission-critical services and to protect investor information, records, and assets.
- Examinations will continue to review whether firms have taken appropriate measures to:
  - Safeguard customer accounts and prevent account intrusions
  - Oversee vendors and service providers
  - Address malicious email activities, such as phishing or account intrusions
  - Respond to incidents, including those related to ransomware attacks
  - Identify and detect red flags related to identity theft
  - Manage operational risk as a result of a dispersed workforce
- In addition, the Division will again be reviewing registrants’ business continuity and disaster recovery plans, with a particular focus on the impact of climate risk and substantial disruptions to normal business operations.
Why it Matters:
- The priorities are based on a risk-based approach that includes an analysis of a given entity’s history, operations, services, products offered, and other risk factors to ensure there are guard rails in place to prevent past mistakes.
- The list is compiled by staff who are uniquely positioned to examine practices, products, services, and other factors that may pose risks to investors or the financial markets.
Resources:
- Source: https://www.sec.gov/news/press-release/2022-57
- BW’s Regulatory Compliance: https://www.bwcyberservices.com/services/regulatory-compliance/
- BW’s Cybersecurity Risk Assessment: https://www.bwcyberservices.com/services/cybersecurity-risk-assessment/
- BW’s Vulnerability Assessment and Penetration Testing: https://www.bwcyberservices.com/services/penetration-testing/
- BW’s Enterprise / Custom Training & Phishing: https://www.bwcyberservices.com/services/training-phishing/